Senior Manager, Cyber Assurance

Anduril Industries is a defense technology company with a mission to transform U.S. and allied military capabilities with advanced technology. By bringing the expertise, technology, and business model of the 21st century’s most innovative companies to the defense industry, Anduril is changing how military systems are designed, built and sold. Anduril’s family of systems is powered by Lattice OS, an AI-powered operating system that turns thousands of data streams into a realtime, 3D command and control center. As the world enters an era of strategic competition, Anduril is committed to bringing cutting-edge autonomy, AI, computer vision, sensor fusion, and networking technology to the military in months, not years.

About The Team

The Cyber Assurance Team comprises ISSM, ISSO, and ISSE personnel who collectively ensure security compliance, authorization success, and security engineering throughout the system lifecycle. CAT members support proposal development, design reviews, system authorization, and continuous monitoring across all protection levels.

About The Job

We are looking for a Senior Manager, Cyber Assurance to provide strategic and operational leadership for the Cyber Assurance Team to ensure that all program systems achieve and maintain cybersecurity authorizations, comply with applicable security policies (JSIG, ICD 503, NIST 800‑53, DoD RMF), and deliver secure engineering throughout the system lifecycle. The Manager aligns CAT activities with proposal development, design reviews, system authorization, and continuous monitoring across all protection levels (PL‑2‑4).

What You’ll Do

• Define the CAT vision, objectives, and performance metrics
• Prioritize and allocate resources across ISSM, ISSO, and ISSE tasks to meet program milestones.
• Direct the end‑to‑end RMF lifecycle (categorization, control selection, implementation, assessment, authorization, and continuous monitoring) for all classified systems.
• Ensure System Security Plans (SSP), Security Assessment Reports (SAR), and POA&Ms are authored, reviewed, and updated in coordination with the ISSM.
• Supervise, mentor, and evaluate ISSM, ISSO, and ISSE personnel; maintain certification currency and professional development.
• Conduct regular CAT meetings, status briefings, and after‑action reviews.
• Oversee the continuous monitoring program, integrating findings from Splunk, Tenable, and other security tools.
• Manage GRC platforms (eMASS, Xacta) to track security artifacts, compliance evidence, and audit trails.
• Serve as Responsible Officer (or designate an Alternate) for COMSEC operations, ensuring proper key generation, distribution, accounting, and crypto‑erase processes.
• Lead risk‑assessment workshops to identify threats, vulnerabilities, and mitigation strategies specific to each protection level.
• Direct incident‑response activities, coordinating with the ISSO, ISSE, and government incident‑response teams.
• Provide executive briefings on authorization status, security posture, and risk‑based decisions.
• Contribute security guidance and accreditation strategies during proposal development, preliminary design reviews (PDR), and critical design reviews (CDR).
• Ensure security architecture documentation is incorporated into proposal deliverables.
• Ensure zero critical POA&M items remain open beyond 90 days; drive timely closure of all findings.
• Prepare for and support government security‑assessment visits, ensuring no findings that could suspend an ATO.
• Drive and monitor vulnerability‑remediation timelines – Establish and enforce the CAT‑I (≤ 15 days), CAT‑II (≤ 30 days) and CAT‑III (≤ 90 days) remediation windows for all identified findings; implement a tracking dashboard, conduct weekly status reviews, and intervene when any ticket approaches its deadline
• 03 - (CUI) Stat... (OCR).pdf.
• Guarantee STIG compliance across the environment – Direct the team to achieve and sustain DISA‑STIG compliance scores of ≥ 95 % on every managed system, using automated configuration‑validation tools (e.g., Puppet, SCAP) and periodic audit checkpoints
• Ensure incident‑response SLAs are met – Define severity‑based response and resolution targets, supervise the incident‑response workflow, and verify that all security events are closed within the agreed‑upon SLA windows; report outliers to senior leadership and trigger corrective‑action plans.
• Implement performance‑tracking and reporting – Develop key‑performance indicators (KPIs) for each of the above areas, produce weekly and monthly status briefs for the ISSO/ISSM and the USG Digital‑Infrastructure Working Group, and adjust resources or processes proactively to meet contractual obligations.
  
  

Required Qualifications

• Bachelor’s degree in Computer Science, Information Security, or related field (Master’s preferred).
• 8+ years of progressive cyber‑security leadership experience in DoD or classified environments. Certifications
• AM/IAT Level III (CISSP, CASP+, CISM, or equivalent).
• Additional certifications such as PMP, CISSP‑ISSAP, or CIPP are a plus.
• Deep knowledge of JSIG, ICD 503, NIST 800‑53, DoD RMF (DoDI 8510.01).
• Proven success obtaining ATO/IATT/IATO for PL‑2‑4 systems on NIPR, SIPR, and JWICS networks.
• Familiarity with SAP security, compartmented access controls, and COMSEC key management.
• Experience leading cross‑functional security teams (ISSM, ISSO, ISSE).
• Strong communication and stakeholder‑management abilities to interface with DISA, NSA, DIA, service CIOs, and government ISSMs.
• Active DoD Top Secret (TS/SCI‑eligible) clearance.
  
  

US Salary Range

$191,000—$253,000 USD

Healthcare Benefits

The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. Highly competitive equity grants are included in the majority of full time offers; and are considered part of Anduril's total compensation package. Additionally, Anduril offers top-tier benefits for full-time employees, including:

• US Roles: Comprehensive medical, dental, and vision plans at little to no cost to you.
• UK & AUS Roles: We cover full cost of medical insurance premiums for you and your dependents.
• IE Roles: We offer an annual contribution toward your private health insurance for you and your dependents.
  
  

Additional Benefits

• Income Protection: Anduril covers life and disability insurance for all employees.
• Generous time off: Highly competitive PTO plans with a holiday hiatus in December. Caregiver & Wellness Leave is available to care for family members, bond with a new baby, or address your own medical needs.
• Family Planning & Parenting Support: Coverage for fertility treatments (e.g., IVF, preservation), adoption, and gestational carriers, along with resources to support you and your partner from planning to parenting.
• Mental Health Resources: Access free mental health resources 24/7, including therapy and life coaching. Additional work-life services, such as legal and financial support, are also available.
• Professional Development: Annual reimbursement for professional development
• Commuter Benefits: Company-funded commuter benefits based on your region.
• Relocation Assistance: Available depending on role eligibility.
  
  

Retirement Savings Plan

• US Roles: Traditional 401(k), Roth, and after-tax (mega backdoor Roth) options.
• UK & IE Roles: Pension plan with employer match.
• AUS Roles: Superannuation plan.
  
  

The recruiter assigned to this role can share more information about the specific compensation and benefit details associated with this role during the hiring process.

To view Anduril's candidate data privacy policy, please visit https://anduril.com/applicant-privacy-notice/.